Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.11 or higher. Alternatively, update the Mattermost Playbooks plugin to version 2.1.1 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Mon, 29 Sep 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost mattermost Server
|
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:* |
|
Vendors & Products |
Mattermost mattermost Server
|
Thu, 24 Apr 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 24 Apr 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition. | |
Title | DoS in Mattermost Playbooks via Excessive Task Actions | |
Weaknesses | CWE-770 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-04-24T13:06:59.413Z
Reserved: 2025-04-22T11:38:20.801Z
Link: CVE-2025-35965

Updated: 2025-04-24T13:04:02.271Z

Status : Analyzed
Published: 2025-04-24T07:15:31.280
Modified: 2025-09-29T21:10:29.280
Link: CVE-2025-35965

No data.

Updated: 2025-07-13T11:06:43Z